You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Customer intent: As an application developer, I want to learn how to add authentication to ASP.NET Core web apps and authorization to protected web APIs.
17
17
---
18
18
19
19
# Microsoft Identity Web authentication library
20
20
21
-
Microsoft Identity Web is a set of ASP.NET Core libraries that simplifies adding authentication and authorization support to web apps and web APIs integrating with the Microsoft identity platform. It provides a single-surface API convenience layer that ties together ASP.NET Core, its authentication middleware, and the [Microsoft Authentication Library (MSAL) for .NET](https://github.com/azuread/microsoft-authentication-library-for-dotnet).
21
+
Microsoft Identity Web is a set of ASP.NET Core libraries that simplifies adding authentication and authorization support to web apps and web APIs integrating with the Microsoft identity platform. It provides a single-surface API convenience layer that ties together ASP.NET Core, its authentication middleware, and the [Microsoft Authentication Library (MSAL) for .NET](https://github.com/azuread/microsoft-authentication-library-for-dotnet). It can be installed via NuGet or by using a Visual Studio project template to create a new app project
22
22
23
-
You can get Microsoft.Identity.Web from NuGet or by using a Visual Studio project template to create a new app project.
24
23
25
24
## Supported application scenarios
26
25
27
-
If you're building ASP.NET Core web apps or web APIs and want to use Azure Active Directory (Azure AD) or Azure AD B2C for identity and access management (IAM), we recommend using Microsoft Identity Web for all of these scenarios:
26
+
When building ASP.NET Core web apps or web APIs that use Azure Active Directory (Azure AD) or Azure AD B2C for identity and access management (IAM), Microsoft Identity Web is recommended for these scenarios:
28
27
29
28
-[Web app that signs in users](scenario-web-app-sign-user-overview.md)
30
29
-[Web app that signs in users and calls a web API on their behalf](scenario-web-app-call-api-overview.md)
@@ -33,7 +32,7 @@ If you're building ASP.NET Core web apps or web APIs and want to use Azure Activ
33
32
34
33
## Install from NuGet
35
34
36
-
Microsoft Identity Web is available on NuGet as a set of packages that provide modular functionality based on your app's needs. Use the .NET CLI's `dotnet add` command or Visual Studio's **NuGet Package Manager** to install the packages appropriate for your project:
35
+
Microsoft Identity Web is available on NuGet as a set of packages that provide modular functionality based on application requirements. Use the .NET CLI's `dotnet add` command or Visual Studio's **NuGet Package Manager** to install the appropriate packages:
37
36
38
37
-[Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web) - The main package. Required by all apps that use Microsoft Identity Web.
39
38
-[Microsoft.Identity.Web.UI](https://www.nuget.org/packages/Microsoft.Identity.Web.UI) - Optional. Adds UI for user sign-in and sign-out and an associated controller for web apps.
@@ -42,56 +41,19 @@ Microsoft Identity Web is available on NuGet as a set of packages that provide m
42
41
43
42
## Install by using a Visual Studio project template
44
43
45
-
Several project templates that use MicrosoftIdentityWeb are included in .NET SDK versions 5.0 and above. The project templates aren't included in the ASP.NET Core 3.1 SDK, but you can install them separately.
44
+
Several project templates that use *Microsoft.Identity.Web* are included in .NET SDK versions 6.0 and above.
46
45
47
-
### .NET 5.0+ - Project templates included
46
+
### .NET 6.0+ - Project templates included
48
47
49
-
The Microsoft Identity Web project templates are included in .NET SDK versions 5.0 and above.
48
+
The Microsoft Identity Web project templates are included in .NET SDK versions 6.0 and above.
50
49
51
-
This example .NET CLI command creates a Blazor Server project that includes Microsoft Identity Web.
50
+
In the following example, .NET CLI command creates a Blazor Server project that includes Microsoft Identity Web.
Don't append a `2` to the application type argument (`blazorserver` in the example) if you're using the templates included in .NET SDK 5.0+. Include the `2` suffix *only* if you're on ASP.NET Core 3.1 and you installed the templates separately as described in the next section.
58
-
59
-
### ASP.NET Core 3.1 - Install the project templates
60
-
61
-
If you're using ASP.NET Core 3.1, install the project templates from NuGet.
62
-
63
-
```dotnetcli
64
-
dotnet new --install Microsoft.Identity.Web.ProjectTemplates
65
-
```
66
-
67
-
For ASP.NET Core 3.1 *only*, append a `2` to the application type argument when you create a new project:
The following diagram shows several of the available app type templates and their arguments. Append a `2` to the app type argument (`blazorserver2` in the example) only if you're using the ASP.NET Core 3.1 SDK and you installed the templates by using `dotnet new --install`.
74
-
75
-
:::image type="content" source="media/microsoft-identity-web-overview/diagram-microsoft-identity-web-templates.png" lightbox="media/microsoft-identity-web-overview/diagram-microsoft-identity-web-templates.png" alt-text="Diagram of the available dot net CLI project templates for Microsoft Identity Web":::
76
-
<br /><sup><b>*</b></sup> `MultiOrg` is not supported with `webapi2`, but can be enabled in *appsettings.json* by setting tenant to `common` or `organizations`
77
-
<br /><sup><b>**</b></sup> `--calls-graph` is not supported for Azure AD B2C
78
-
79
-
## Features of the project templates
80
-
81
-
Microsoft Identity Web includes several features not available in the default ASP.NET Core 3.1 project templates.
82
-
83
-
| Feature | ASP.NET Core 3.1 | Microsoft Identity Web |
|[Sign in users](scenario-web-app-sign-user-app-configuration.md) in web apps | <li>Work or school accounts<li>Social identities (with Azure AD B2C) | <li>Work or school accounts<li>Personal Microsoft accounts<li>Social identities (with Azure AD B2C) |
86
-
|[Protect web APIs](scenario-protected-web-api-app-configuration.md#microsoftidentityweb)| <li>Work or school accounts<li>Social identities (with Azure AD B2C) | <li>Work or school accounts<li>Personal Microsoft accounts<li>Social identities (with Azure AD B2C) |
87
-
| Issuer validation in multi-tenant apps | No | Yes, for [all clouds](authentication-national-cloud.md) and [Azure AD B2C](../../active-directory-b2c/index.yml)|
88
-
| Web app/API [calls Microsoft graph][scenario-api-call-graph]| No | Yes |
89
-
| Web app/API [calls web API][scenario-api-call-api]| No | Yes |
90
-
| Supports certificate credentials | No | Yes, including Azure Key Vault |
91
-
| Incremental consent and conditional access support in web apps | No | Yes, in MVC, Razor pages, and Blazor |
92
-
| Token encryption certificates in web APIs | No | Yes |
93
-
|[Scopes/app role validation][scenario-api-validation] in web APIs | No | Yes |
94
-
|`WWW-Authenticate` header generation in web APIs | No | Yes |
56
+
Don't append a `2` to the application type argument, `blazorserver` in the example, because templates included in .NET SDK 6.0+ are being used.
95
57
96
58
## Next steps
97
59
@@ -109,6 +71,6 @@ The Microsoft Identity Web wiki on GitHub contains extensive reference documenta
0 commit comments